The Tools for Understanding the Global War 
on Terror, Cyber War, Iraq, the Persian Gulf, 
China, Afghanistan, the Balkans, East Africa, 
Colombia, Mexico, and Other Hot Spots 


A QUICK & DIRTY GUIDE TO 


— a = 
a Se —— 


CONTENTS 


Preface to t 
Introductio 
How to Use 
PA 13 
Chapter 1 « 
Look cing Over Bin LadeiT 

Look 


Late 


at Night? 
Look Back: The Suitcase from Allah—Nuclear Kamikazes 


Quick Look: Why Mercenaries Survive and Thrive 
Chapter 2 « Cyber War 
Quick Look: The Estonian Cyber Skirmish: 
War—or Crime—in Cyberspace? 


vi A Quick and Dirty Guide to War 


PART TWO: THE MIDDLE EAST 63 


Chapter 3 ¢ Iraq, the Arabian Peninsula, and the 30 Years’ War 65 


Quick Look: Sunnis and Shiites—Arab vs. Persian, 
Arab vs. Arab 
Quick Look: NGO (Non-Governmental Organization) 
Blues 
Chapter 4 ¢ Israel and the Middle East: Babies, Shekels, 
Ballots, and Bullets 
Extended Look: The Wars for Lebanon 
Chapter 5 ¢ Iran: The Mullahs’ Many Wars 
Quick Look: Submarines or Suicide Boats? 
Quick Look: Poison Gas—The Evil Genie in the Bottle 


PART THREE: EUROPE 183 


Chapter 6 « Balkans: Back to the Balkans 
Quick Look: Greece and Bulgaria 
Look Back: Yugoslavia 1991 
Quick Look: European Tribes—The Mosaic of the EU, 
the Mosaic of Europe 
Quick Look: Migrants and Refugees 
Chapter 7 « Russia: The Empire Struggles Back 
Quick Look: The “Mingle” Factor and the Cost 
of “Unmingling” 
Quick Look: Well, What About the Nuclear Weapons? 
Quick Look: The Red Army Turns White 
Extended Look: Turkey—The Shaky Bridge 
Quick Look: Armenia and Azerbaijan 


100 
103 
107 
139 
153 


179 
179 


185 
249 


254 


261 


Contents 


PART FOUR: ASIA 321 


Chapter 8 « Korea: The Strange Kingdom 
Quick Look: Indonesia—East Timor, the Moluccas, 
Irian Jaya, Aceh, and Jemaah Islamiya 
Quick Look: The Philippines—The Recovering Man 
of ASEAN 
Extended Look: China 
Chapter 9 « South Asia: India, Pakistan, Nepal, Sri Lanka, 
and Afghanistan 
Look Back: Afghanistan Before 9/11 


PART FIVE: AFRICA 403 


Chapter 10 « Congo: Heart of Darkness 
Quick Look: Rwanda, Burundi, 
and Republic of Congo (Brazzaville) 
Quick Look: Uganda 
Quick Look: Sub-Saharan Africa West—Nigeria 
Quick Look: Sub-Saharan Africa East—Kenya 
Quick Look: Farther South—Zimbabwe and South Africa 
Quick Look: “FranceA frique” 
Chapter 11 « The Grand Sahel, Sudan, and Darfur: 
Bad Ecology, Bad Politics, Bad Blood 
Quick Look: The Berber Question 
Quick Look: Tribalism and Colonialism 


323 


349 


352 
355 


369 
400 


405 


426 
429 
431 
432 
433 
435 


437 
475 
477 


Chapter 12 « Wars of the Horn: Somalia, Ethiopia, and Eritrea 481 


viii A Quick and Dirty Guide to War 


PART SIX: THE AMERICAS = 505 


Chapter 13 « South America’s Arc of Fire: Colombia, Ecuador, 
Peru, and Venezuela 507 
Quick Look: The Peru-Ecuador Border War of 1995 544 

Quick Look: Bolivia, Chile, and Peru—The Lingering War 


of the Pacific 546 
Quick Look: Cuba—Viva Fidel! The Last Days 
of the Castro Regime 547 
Quick Look: Brazil’s Geostrategic Goals 549 
Chapter 14 « Mexico: Calderén in the Cauldron 553 


Quick Look: The United States and Canada—Controlled 
Anarchy on the North American “Island of Stability” 585 


PART SEVEN: DATABANKS ON WARS AND ARMIES, 
PRESENT AND POTENTIAL 589 


Data and Sources, 2008 Edition 617 
Index 621 
About the Authors 629 


CHAPTER 2 


Cyber War 


INTRODUCTION 

The First Great Cyber War (a decisive struggle over the Internet and 
within the Internet) has not been fought—yet. Cyber skirmishing, how- 
ever, is frequent and fierce, a second-by-second form of digital combat 
that provides some idea of what the cyber “big one” might be like. The 
stakes in this new geography of warfare are huge. The Internet is now a 
major part of the planet’s commercial and communications infrastructure. 
Computers store and share vast quantities of information—including such 
obvious targets in a cyber war as vital economic, military, intelligence, 
communications, and politically sensitive information. 

Yet this new geography of warfare has several things in common with 
combat on land, sea, and air. 

Waging a successful cyber war depends on two things: means and vul- 
nerability. The means are the people, tools, and cyber weapons available to 
the attacker. Think of these as the combat forces. The vulnerability is the 
extent to which an enemy’s economic and security organizations use the 
Internet and networks in general. These are the targets. 

While we don’t precisely know who has what cyber war capabilities, 
we do know that nations like China and the United States have organized 
cyber war units. Both nations have many skilled Internet operations, soft- 
ware, hardware, and communications experts. 

Vulnerability is another matter. The United States is the most exposed 


48 A Quick and Dirty Guide to War 


to cyber war attack because, as a nation, it uses the Internet more than any 
other country. That’s the bad news. The good news is that if an attacker 
ever tried to launch a cyber war against the United States, it could back- 
fire. This risk has to be kept in mind when considering what a cyber war 
might do. The Pearl Harbor attack in 1941 backfired on the Japanese: it 
enraged Americans, and the retaliation it unleashed left Japan in ruins. 
The lesson of the original Pearl Harbor is that if you're going to hit some- 
one this way, make it decisive. 

Could some nation, organization, or extremely able single person fight 
and win the First Great Cyber War? No one really knows. At one time the 
question involved science fiction speculation. But not anymore. 


TYPES OF CYBERWAR 


Based on the cyber weapons that exist and ones that are theoretically 
possible, there are three general types of cyber conflict: 


1. Limited stealth operations (LSO)—These are cyber war operations 
that primarily support espionage programs. China is the biggest prac- 
titioner, or at least it has been caught most often. 


2. Cyber war only (CWO)—This features the full range of cyber war 
weapons. No one has done this yet, but it is (potentially) less danger- 
ous than firing missiles and unleashing tank divisions. Russia may have 
conducted this type of operation against Estonia after Estonians infu- 
riated the Russians by moving a World War II statue memorializing 
their “liberation” by the Soviets. (Estonians did not want to be liber- 
ated by the Soviet Union.) Russia denied responsibility for the massive 
computer assaults, which all but shut down the smaller nation’s Inter- 
net infrastructure. Estonia accused Russia of doing it on purpose and 
tried to invoke the NATO mutual-defense pact. NATO cyber war ex- 
perts went to Estonia, and shortly thereafter the attacks stopped. Ap- 
parently Russia got the message that a CWO attack could escalate into 
something more conventional and deadly. It later turned out that the 
cyber attacks on Estonia were conducted by Russian citizens, without 
any support—or interference—from the Russian government. This 
shows another aspect of cyber war: the power of civilian hackers who 
operate as something of a militia. China has made great use of this. 


3. Cyber war in support of a conventional war (CWSC)—In the guise of 
electronic warfare, this type of cyber support operation has been going 


Cyber War 49 


on since World War II. However, with the Internet now a major part of 
the planet’s commercial infrastructure, electronic warfare has moved 
to another level. CWSC now goes after strategic nonmilitary targets 
(e.g., international lending and trading systems), not just the electronic 
weapons and communications of the combat forces. 


ALL ROADS LEAD TO THE INTERNET— 
OR QUICKLY CONNECT 

At one time all roads led to Rome. Now the information superhighway 
goes practically everywhere. The Internet is, in a sense, the new Rome. 
Rome had stout walls. It also had a lot of enemies. 

How does a modern barbarian horde of hackers attack using the infor- 
mation superhighway? 

The Internet itself is a huge target. Shutting down the entire Net is a 
possibility, though a successful “total destruction attack” (TDA) would 
make additional Internet attacks impossible. The attacker with the ability 
to execute a TDA would then face an ironic situation: his primary weapon 
would be of little use. So whatever kind of cyber war might unfold, the In- 
ternet itself would be left alone, or would be the last thing to go. 

The Internet, however, has several hundred different types of targets 
and literally several trillion discrete targets, if one considers individual 
computer files, programs, or lines of code as targets—and they are. 

A single country’s Internet access is a type of target. Taking down a 
country’s Net access (national denial of service, or NDOS) is a very likely 
cyber war scenario, although an NDOS attack on even one small nation 
(Estonia, for example) is a formidable undertaking because an attacker 
must assault a complex array of individual targets in order to digitally 
blind the country. The United States offers a much stiffer and more com- 
plicated challenge. It has several separate Internets: the regular Internet, 
four separate government Internets, and Internet2, the experimental next- 
generation Internet. Taking down the main Internet won't do as much 
damage to the other Nets; though the U.S. would suffer tremendous eco- 
nomic dislocation and damage, its governmental functions would con- 
tinue—unless, the enemy managed an extraordinary simultaneous attack 
on the government Internets. 

With the Internet still intact, however, an attacker can continue to 
cause mayhem and seed confusion. Software worms and viruses destroy 
enormous quantities of data. In a cyber war, attackers would launch the 
most destructive versions of these programs—large numbers of them blos- 
soming simultaneously and then randomly throughout the Internet and in 


50 A Quick and Dirty Guide to War 


vulnerable computer and communication systems. The destruction could 
include taking down military, government, and commercial websites. 
Other cyber war weapons could be used, like distributed denial of service 
(DDOS) attacks and designer viruses that destroy routers and other spe- 
cialized computers that drive the Internet. 

Practically any web server or computer connected to the Internet can 
be hacked. There are many cases of individual or small groups of hackers 
getting into hundreds of servers over a short period. These instances are 
the ones where the hackers were caught. What makes a lot of people 
nervous is not knowing how many people do this sort of thing without 
ever being detected. We know this happens because some attacks are de- 
tected long after they took place, and some arrested hackers give details 
of past undetected attacks. One reason many attacks are undetected in 
peacetime is that the average website is more likely to be down from the 
usual foul-ups that require a server reboot (hardware or software failure 
or human error) than from a hacker attack. Well-protected servers are 
rarely hacked; web vandals tend to strike poorly protected servers. The 
damage and disruption of a cyber war, however, would be too widespread 
and intense to misinterpret. 

Beyond websites, there are many industrial and communications facil- 
ities that depend on computers to keep functioning. Transportation sites 
include the handful of rail yards that support most of the nation’s rail traf- 
fic. Truck traffic can be crippled by attacking the computers that control 
fuel supplies (refineries, pipelines, storage sites, and distribution systems). 
Hitting these fuel targets would also hurt air transportation. Commercial 
aircraft can be hampered by getting into the computers used for the air- 
traffic control system. The extensive maintenance systems for commercial 
aircraft are also dependent on Internet-connected computer systems. 

The majority of computers used by American businesses operate in a 
network of some type and usually have an Internet connection as well. 
This means the number of potential commercial targets in the United 
States is enormous. Though many businesses can operate without their 
computers, they would not be able to do so very well. 

Non-Internet communications are also quite vulnerable. Disrupting or 
shutting down financial systems like the U.S. Federal Reserve system dam- 
ages both national and international financial operations. The Federal Re- 
serve is acutely aware of the vulnerability of its money transfer system. After 
years of planning and preparation to upgrade its network, in March 2002 it 
decided, at the last minute, to change plans and dump reliance on Microsoft 
software. Microsoft operating systems were seen as too vulnerable for some- 
thing as vital to the national economy as the Federal Reserve network. 


Cyber War 51 


The electrical power system offers cyber attackers another choice target. 
The power plants themselves often have some remote-control capabilities, a 
lot of it via the Internet. Likewise the power distribution system has a small 
number of large transformers that, if used the wrong way, can be damaged. 
It takes months to build replacements for these transformers, and there are 
only a few spares for the two dozen or so operating in North America. 

Finally, there are those oh-so-vulnerable space satellites and their 
computer-controlled ground stations. Interfere with communications to 
these birds and you take away spy satellites, GPS navigation, weather re- 
porting, and some phone and television networks. 


CYBER SKIRMISHING 

The number of small cyber probes and assaults is increasing. In 2007, 
government officials in Europe and the United States complained openly 
about their administrative and defense computer networks suffering from 
hacker attacks that appeared to be coming from China. Since 2006, the U.S. 
and other Western nations have readily acknowledged that these attacks 
have struck their military and government networks. Sensational? Yes, and 
it has even led to a military recruiting pitch. In early 2008, the U.S. Air 
Force began running a television ad that claimed the Pentagon was attacked 
three million times a day—via cyber assault. The USAF ad featured a ser- 
geant who was fending off the attacks from his computer terminal. 

The attacks, however, are quite serious, and the air force sergeant in 
the ad is definitely a frontline fighter in this war. Attacks have hit such 
major American military sites as National Defense University, the office of 
the Secretary of Defense, the Naval War College, Fort Hood, and several 
defense contractors. British and German government sites were hit as 
well, as were other European nations. 

In the United States, each of these attacks cost $20—30 million to clean 
up. What no one will talk much about is exactly what was lost. The Ger- 
mans admitted that nearly 200 gigabytes of data was transmitted back to 
China. The American, British, and French attacks apparently inflicted 
damage of a similar scale. By 2008, U.S. Department of Defense officials 
were openly admitting to severe data losses because of the attacks in 2007, 
publicly blaming China and asking for permission to go on the offensive as 
a way to discourage these attacks. 

The scary part of this is that these are the attacks that have been dis- 
covered, while they were still under way. The perfect attack is one that is 
carried out without the victim ever being aware that its security has been 
breached and its secrets carried away. In light of this, many NATO nations 


52 A Quick and Dirty Guide to War 


are cooperating and trying to formulate a common policy on how to deal 
with China. The French, for example, will only say that they are certain the 
attacks are coming from China. Officially, the French do not believe it’s the 
Chinese military that’s doing it. Unofficially, the French fear they are fac- 
ing a formidable Chinese cyber war force. 

China denies everything. It also continues to establish the equivalent of 
a “police barrier” within the Chinese portion of the Internet. Many Western 
Internet experts didn’t think this was possible, but with “the Great Firewall 
of China” the Chinese have gone a long way toward proving them wrong. 
(See “The Cyber War Superpowers.’) At the same time, China remains one 
of the most vulnerable Internet neighborhoods. This is largely due to so 
much illegal (i.e., not paid for) operating systems and applications software. 
This stuff tends to be less well-protected than paid-for systems in the West, 
and China has fewer Internet security specialists. 

China has long been suspected as the source of LSO (spying) attacks. 
The highly damaging Code Red virus of 2001 probably came from China. 
The origin of the virus was traced back to China, but the Chinese denied 
any responsibility. Code Red did much less damage in China because there 
the operating system of choice is Linux, while Code Red only attacked PCs 
using Microsoft software. This makes it easier for a nation like China to 
launch cyber attacks on the United States without fear of the weapons 
coming back to hurt China’s growing Internet infrastructure. China, unlike 
other nations hostile to the United States (e.g., North Korea, Iran), has a 
large and growing Internet presence. It has thousands of skilled Internet 
programmers and has admitted it is putting together military units for de- 
veloping and using cyber weapons. 

Other nations also find it useful to steal valuable data from the numer- 
ous commercial, government, and military sites in America. This has been 
going on for several generations, but with the Internet and the many other 
networks now in use, such electronic spying opportunities are much 
greater today. Since spies don’t want to be detected (so they can return for 
more secrets later), this espionage also serves as scouting for damaging 
cyber war attacks. However, the recent deliberate and systematic attacks 
on government and military networks really only benefits another govern- 
ment, which is why the Chinese keep getting fingered. 


LEARNING FROM CYBER SKIRMISHES 

Rampant cyber skirmishing has given cyber warriors a better idea of 
just how vulnerable key targets really are. Probes and limited assaults have 
revealed flaws in specific defenses and sometime in entire systems. The 


Cyber War 53 


people running targeted sites have some advantages in that they have con- 
trol of their servers. Security systems on these servers tend to be changed 
or upgraded regularly, making it more difficult for someone planning a 
cyber assault. An attacker would see many attempts fail because between 
the time the attack was planned (based on information gathered weeks or 
months before) and carried out, too many changes were made in the target 
servers. Nevertheless, the Chinese, or whoever it was/is, continue to find 
the flaws and exploit them. It is known that vast quantities of industrial 
and government documents have been stolen, and some of these items are 
primarily of use to the Chinese. There is no smoking gun, and the Chinese 
deny everything, but a growing body of evidence points east. 

The side with the best information about the state of the Internet, es- 
pecially key enemy sites, will be the most successful in an all-out cyber 
war. The professional cyber warriors plan to unleash their weapons when 
it is clear that working the cyber angle will provide an edge. To an extent 
the United States pulled this off when it hacked, tapped, disrupted, and 
very likely redirected Iraqi wireless networks in 1991 and Serbian net- 
works in 1999 (early CWSC operations). The U.S. has also had experience 
with protecting its own systems in a combat environment, where enemy 
cyber attacks could disrupt an entire operation. In 2001, U.S. forces in 
Afghanistan quickly created wireless voice and data networks that were 
vital for communicating intelligence data (e.g., targets for B-52s) and coor- 
dinating the operations of U.S. Afghan allies (e.g., the Northern Alliance). 
Although this was not mentioned at the time, these networks were ready 
to resist attempts to hack them. Such attacks never came, but American 
cyber soldiers were ready. 

Cyber skirmishing has demonstrated the possible economic and politi- 
cal repercussions of a cyber war. Industrialized nations know they depend 
on the Internet; heavy use of the Internet provides a major boost to eco- 
nomic growth. This dependence offers a less-developed enemy an oppor- 
tunity to engage in “asymmetric warfare” against a more powerful 
opponent. Japan and South Korea, for example, are more concerned about 
a cyber war attack from North Korea than the other way around. 


CYBER TERROR, CYBER SURPRISE 

Nuclear weapons have kept the major nations from going to war with 
each other for the past half century. Every sane person hopes that the 
nukes will remain holstered. Cyber war, however, provides an enemy with 
an opportunity to fight an anonymous war against another nation. This 
has been done in the past, usually in the form of “proxy wars” where one 


54 A Quick and Dirty Guide to War 


nation quietly supports opposition or terrorist groups that combat an 
enemy nation. 

Terrorists could try to execute a major attack on the Internet. Terror- 
ist groups have Internet-savvy members, and there are a number of Inter- 
net-savvy operators who are sympathetic to terrorist organizations. Most 
terrorist groups are enthusiastic Internet users. Osama bin Laden and al 
Qaeda have long made use of the Internet (and said so publicly before 
September 11, 2001). The lack of terrorist attacks via the Internet is actu- 
ally indicative of the amount of skilled manpower an organization needs 
to create and execute an original attack. Once a new virus is created and 
released or a Net software’s newly found vulnerability is exploited, high- 
profile sites (that would be most attractive to terrorists) usually are the 
first to adjust their defenses. Pulling off a damaging cyber war attack re- 
quires talent and technology. Without doubt, a terrorist organization will 
eventually manage to put together such a group, and something grim may 
happen. Will it be sooner rather than later? Note that in late 2001, there 
was a noticeable increase in scanning and probing of U.S. and European 
power plants from locations in the Middle East. Intelligence analysts con- 
cluded someone was trying to “cyber blitz” a nuclear power plant—shut 
down the plant or, worse, subvert its controls. 

As of 2008, the worst terrorist threat comes from radical Islamists liv- 
ing in predominantly Muslim countries (e.g., Egypt, Yemen). These coun- 
tries tend to have the least developed Internet resources in terms of use 
and indigenous experts. But if the terrorists have money (say, the support 
of a Persian Gulf billionaire), there are any number of criminal gangs who 
will deal with them. There's also the possibility that an espionage effort 
might obtain some of the military-grade computer weapons (especially 
viruses and other cyber weapons). At the end of the Cold War, both Russia 
and the United States were surprised at the number of traitors on both 
sides who sold similarly vital information for money. 

China is unlikely to provide cyber weapons for Islamic terrorists, be- 
cause it has its own Islamic minority that has been fighting Chinese domina- 
tion. But since China has cyber weapons that can really only be used against 
American targets, who knows what might happen in this department? 

For many years, the people who inflicted most of the damage on the 
Internet were either a small number of criminals or a large number of 
troublesome teenagers and antisocial creeps with computers. The cyber 
criminals have since gotten more numerous and more highly skilled. There 
are now more than a few thousand of them. Most still specialize in low- 
tech scams employing lots of spam or misleading web pages that “phish” 
for an unwary Net user’s financial or personal information. Big-time Inter- 


Cyber War 


wn 
a 


net criminal scores (taking more than $100,000) are increasingly common 
and not always inside jobs. In addition to cash and data losses, cyber 
crimes also run up big bills for labor costs to get vandalized websites back 
in operation, plus lost business while these sites are down. Companies, by 
the way, are more willing to calculate and announce these losses than they 
are to publicize large thefts of money. 

Even before the arrival of the Internet, it was the practice of large fi- 
nancial institutions to keep such thefts quiet (and eat the loss) rather than 
risk loss of public confidence. This attitude continues to prove problematic 
for police and the FBI. In fact, the FBI is pushing for a law that would allow 
companies to report potentially embarrassing hacks without fear of a Free- 
dom of Information Act request dragging it out into the open. Again, we 
see how the information war angle is closely linked with cyber war issues. 

The most visible web vandals are the millions of “script kiddies” and 
low-level criminals who use hacking and stealing tools readily available on 
the Internet. This group provides a lot of the background noise on the Net. 
If you are monitoring an intrusion detector on a server (or even your own 
PC), you'll see a lot of scans and probes. With a little training, you can 
learn to spot the activities of the pros amidst the much more abundant 
noise and nonsense generated by the amateurs. As a practical matter, the 
professional hackers will hide behind the wall of noise created by all the 
script kiddies and other amateurs who are scanning and hacking. There 
are a lot of thrill seekers who don’t do much harm; they spend most of 
their time sniffing about the Internet without much of a clue as to what 
they are doing. The professional hackers aren't going to come after your 
home PC (except to turn it into a remotely controlled zombie for an illegal 
network), but the amateurs might. That’s not much consolation if one of 
these geeks trashes your hard drive or gums up your Internet connection 
while he tries to use your PC to shut down his high school website. 

It takes the full- or part-time effort of more than 10 million people to 
keep the Internet going. Most of these folks are pretty knowledgeable 
about how the Net works and more than a match for those who are de- 
structive. Except in one area—the black hats and script kiddies have the el- 
ement of surprise. This makes all the difference. If hostile cyber warriors 
attack, the good guys will have to absorb that first hit before they can re- 
cover. The Internet and the people who make it work have proven very re- 
sponsive and capable when hit with a major assault. But this capability 
does not come cheap. The overtime bills, not to mention the wear and tear 
of all those all-nighters, are very expensive. It’s one reason why about half 
the people who become programmers leave the business within 10 years. 
There are less stressful ways to make a living. 


56 A Quick and Dirty Guide to War 


PREPARING FOR THE FIRST GREAT CYBER WAR 

Cyber war is not just a matter of who has the larger number of (cyber) 
combat-trained operators. More important, at least in the initial stages, is 
who has built up the largest stockpiles of munitions. In cyber war, the ammo 
is information—that is, knowledge of vulnerabilities in software connected 
to the Internet, or of major networks not connected to the Internet. 

The software vulnerabilities are basically bugs or flaws that enable a 
hacker to gain access to a computer he is not supposed be in. Not all vul- 
nerabilities are equal; some are much more valuable than others. Commer- 
cial Internet security firms offer rewards to people (usually software 
engineers who spend too much time on the Internet) who first discover a 
“zero-day vulnerability” (i.e., a bug that has not yet been put to use by a 
hacker to create a zero-day exploit). The rewards can sometimes exceed 
$100,000. These security firms, which provide services for corporate and 
government clients, offer the rewards openly. There is a more lucrative un- 
derground market, financed by criminals and some governments, that of- 
fers even larger rewards. 

The commercial firms get after the software publishers to fix the bugs, 
but they have noted that this takes, on average, over 10 months. The pub- 
lishers know that every time they open their source code to repair some- 
thing, there is high risk of someone analyzing it and creating more bugs. 
Moreover, it’s expensive to fix the bug, test the patched software, and then 
distribute it to their customers. Thus, unless the bug is highly likely to be 
exploited, it is not attended to right away. The problem with this approach 
is that the software publisher may not be aware of how exploitable the bug 
is. Criminals and cyber warriors have an interest in finding ways to exploit 
bugs that appear relatively harmless. That turns the bug into ammunition 
for the cyber war and a way to make money for the criminals. 

In preparation for a cyber war, ammo supply is critical. Put simply, 
whoever has identified the largest number of vulnerabilities (unpatched, of 
course), and has turned them into exploits, will win. There’s a lot of evi- 
dence that the United States and China have both compiled large arsenals 
and tested a lot of their stuff. Other countries are players as well, but the 
U.S. and China appear to be the superpowers of cyber war. 

The United States has an edge in the number of potential “mercenaries” 
(commercial security firms and freelance experts) it could enlist for the war 
effort. China openly encourages its hackers to go out and practice on for- 
eigners, especially the Japanese (still hated for World War II-era atrocities) 
and the United States. China is also believed to have arrangements and un- 
derstandings with the gangs that specialize in Internet-based crime. Re- 


Cyber War 57 


member, China is still a police state, and Communist secret police organi- 
zations have long been known to use criminal organizations for all sorts of 
things. In the United States, some police agencies have been known to at 
least open communications channels with Internet criminals, if only for in- 
telligence purposes. But in wartime, offers of employment might be made 
as well. (There is plenty of historical precedent for this, from the U.S. gov- 
ernment’s alleged relationship with mobster Lucky Luciano during World 
War II to JFK working with the Mafia to whack Fidel to the current hiring 
of shady characters to inform on terrorists or even kill them.) 

The big problem with cyber war is that no one has yet had a lot of ex- 
perience with fighting a high-intensity cyber conflict. Without that digital 
“trench combat” experience, no one can be sure what will happen when 
someone attempts to engage in it at maximum strength. Nuclear weapons 
have a built-in inhibition—the user risks getting nuked in a counterattack. 
Not so with cyber weapons. There appears to be little inhibition about 
going all-out with cyber weapons. This lack of deterrence is a huge danger. 
Unlike nukes, cyber war doesn’t usually kill a lot of people or cause a lot of 
property damage. What cyber war does is weaken an enemy so that more 
conventional weapons can more easily be used to finish the job. 

Cyber war is a growing threat. With few technical inhibitions and the 
easy political deniability (the “prove that we did it” defense), the odds are 
things in the virtual warfare world are going to get a lot worse. 


THE CYBER WAR SUPERPOWERS 

At the moment there are two cyber war superpowers on the planet: 
the United States and China. There could be another superpower, a virtual 
superpower, one that has not yet revealed itself. A scary thought? In- 
deed—and cyber war combatants must consider the possibility. 

The United States and China, however, are definitely superpowers 
in cyberspace. 


United States 

The American cyber war capabilities are believed to consist of NSA 
(National Security Agency) and Department of Defense operations. In ad- 
dition to specialized organizations within the Department of Defense, 
there is the U.S. Air Force Cyber Command (AFCYBER). In addition, all 
air force recruits will now receive some basic cyber war training as part of 
boot camp. Many of the new training courses are existing ones that have 
been renamed or slightly modified. The air force has been deeply involved 
with electronic warfare for more than 60 years and Internet-based opera- 


58 A Quick and Dirty Guide to War 


tions for over a decade. The new training courses will take from six to 15 
months to complete, and it will take more than seven years to get the full 
complement of people trained and experienced enough to do what needs 
to be done. 

All these new people will staff the 8th Air Force, which will also be 
known as AFCYBER. The newly established Internet operations organiza- 
tions will be combined with some of the older electronic warfare ones, 
which will get the new operation up to speed more quickly. 

The USAF already has several Internet monitoring and cyber war op- 
erations, which contain a lot of high-priced civilian contractors (many of 
them former air force personnel who went looking for more money and 
opportunities in the civilian world). The air force found that the rapidly 
expanding adoption of the Internet not only caused a lot of its Internet 
specialists to go over to the commercial side but forced it to pay much 
more money to get some of these hotshots back. 

Thousands of existing air force electronic warfare specialists will be 
assigned or offered jobs in AFCYBER. This will include units operating U2 
strategic reconnaissance aircraft, EC-135 electronic-eavesdropping air- 
craft, EC-130E Commando Solo radio/TV broadcasting aircraft, and the 
EC-130H Compass Call radio-jamming aircraft. 

AFCYBER will have more than 20,000 personnel, and the air force is 
recruiting officers and airmen from all over the air force for careers in 
cyber war jobs. Not all of the people trained as cyber warriors will be in 
the 8th Air Force; many will be assigned throughout the air force to take 
care of cyber war needs of their units. 


China 

Back in the late 1990s, the Chinese Defense Ministry established the 
NET Force. Initially a research organization, its mission was to measure 
China’s vulnerability to attacks via the Internet. Soon this led to examining 
the vulnerability of other countries, especially the United States, Japan, and 
South Korea (all heavy Internet users). NET Force has continued to grow. 

NET Force was soon joined by an irregular civilian militia: the “Red 
Hackers Union” (RHU). These are several hundred thousand patriotic Chi- 
nese programmers and Internet engineers who wished to assist the moth- 
erland and put the hurt, via the Internet, on those who threaten or insult 
China. The RHU began spontaneously, but the government has assumed 
some control without turning the voluntary organization into another bu- 
reaucracy. Various ministries have liaison officers who basically keep in 
touch with what the RHU is up to (mostly the usual geek chatter) and in- 
tervene only to “suggest” that certain key RHU members back off from 


Cyber War 59 


certain subjects or activities. Such suggestions carry great weight in China, 
where people who misbehave on the web are very publicly prosecuted and 
sent to jail. For those RHU opinion leaders and ace hackers who cooperate, 
there is all manner of benefits for their careers, not to mention some le- 
niency if they get into trouble with the authorities. Many government offi- 
cials fear the RHU, believing that it could easily turn into a 
counterrevolutionary force. So far, the Defense Ministry and NET Force 
officials have assured the senior politicians that they have the RHU under 
control. But already, there are problems with RHU members who are ex- 
pressing dissatisfaction with government efforts to control Internet access. 

Starting in the late 1990s, China assembled what has now become 
30,000 Ministry of Public Security employees manning the Golden Shield 
Project (also known as the Great Firewall of China) to monitor Internet 
use throughout the country. In the last decade, over a billion dollars has 
been spent on this effort. While the Great Firewall cannot stop someone 
expert at how the Internet works, it does greatly restrict the other 99 per- 
cent of Internet users. And it provides lots of information about what is 
going on inside all that online traffic. 

Foreign intelligence agencies are beginning to find the Great Firewall 
of China going from nuisance to obstacle. This has put these organizations 
in a difficult position. In the United States, the feds feel compelled to work 
with hackers who are developing new ways to tunnel through the Golden 
Shield. There are several nongovernmental outfits that are involved with 
this effort, and most are hostile to intelligence agencies. Nevertheless, 
some relationships have been formed to deal with mutual problems. 

It’s not only the intel agencies who are keen to learn their way around 
and through the Great Firewall; cyber war organizations see it as a major 
defensive weapon as well. The Chinese have a much better idea of what is 
coming into their country via the Internet, and that makes it easier to 
identify hostile traffic and deal with it. Some American cyber war officials 
are broaching the idea of building something like Golden Shield, but just 
for military purposes. But that would be difficult in most Western coun- 
tries because of privacy issues. 

With Golden Shield, China could unleash worms and viruses on the 
Internet and use Golden Shield to prevent Chinese systems from becom- 
ing infected. China needs every advantage it can get, because it has the 
worst protected, and most infected, PCs in the world. This is largely the 
result of so many computers using pirated software and poorly trained op- 
erators. Meanwhile, the thousands of people running the Golden Shield 
are gaining valuable experience and becoming some of the most skillful In- 
ternet engineers on the planet. 


60 A Quick and Dirty Guide to War 


These three organizations, which apparently work closely with each 
other, have provided China with a formidable cyber war capability. NET 
Force, with only a few thousand personnel, appears to be the controlling 
organization for cyber war activities. With the RHU and Golden Shield, it 
can mobilize formidable attacks as well as provide great defensive poten- 
tial. No other nation has anything like it. 


QUICK LOOK: The Estonian Cyber Skirmish: 
War—or Crime—in Cyberspace? 


This “Quick Look” is based on Austin Bay’s Creators Syndicate newspa- 
per column of January 1, 2008. 


In the Information Age, the difference between an act of war and a 
criminal act is often a matter of interpretation as well as degree. 

Attack a nation’s highways and railroads, and you've attacked trans- 
portation infrastructure. You've also committed an obvious, recognized 
act of war. 

An electronic attack doesn’t leave craters or bleeding human casual- 
ties, at least not in the same overt sense of an assault with artillery and 
bombs. However, the economic costs can be much larger than a classic 
barrage or bombing campaign. 

Cyberspace has become a much busier and more dangerous place 
since 1990. In the 21st century, entire nations rely on computer networks 
for communications, economic transfers, and information storage. This 
increased economic and information reliance means that in the 21st cen- 
tury, targeting a nation’s electronic infrastructure is an act of war. 

Bankers know this. So do intelligence agencies. Diplomats and politi- 
cal leaders must also come to grips with this reality. 

Everyone with a personal computer understands the basic concepts of 
cyber warfare. Link your laptop to the Internet and you link to the great 
collective of the Information Age. You also connect to a digital disease 
pool populated by viruses that can instantly erase electronic brains. That 
means data is destroyed—perhaps less messily, but just as thoroughly, as 
an attack with a high-explosive bomb. 

You also enter a world where even trusted websites may leave a track- 
ing “cookie” on your own computer so they can know something about 


Cyber War 61 


your Internet shopping preferences. There are, however, even more ag- 
gressive programs that allow inquisitive geeks to follow everything you 
read and write. These cyber spyware programs are a form of cyber spy 
war. Add more sophisticated digital trickery and additional levels of pene- 
tration wizardry and programs like these could steal secrets from em- 
bassies and defense facilities. 

Spies and soldiers know cyber attacks aren’t new and that institutional 
computer systems—even large, ostensibly well-protected ones like those 
used by banks, big businesses, and government agencies—are vulnerable. 

In April 2007, the world got a look at the economic and psychological 
effects of a “massed” cyber attack—a sophisticated, sustained, and coordi- 
nated hack of an entire country. 

Estonia was the victim. Estonia is a “wired” society—the country has 
made Internet access an economic and political priority. Over a period of 
weeks (April through mid-May), Estonia suffered from what the Washing- 
ton Post described as “massive and coordinated cyber attacks on Websites 
of the government, banks, telecommunications companies, Internet serv- 
ice providers and news organizations.’ 

Bank accounts were probed, e-mail services shut down. 

Estonia's minister of defense called the attacks “organized attacks on 
basic modern infrastructures.” According to press reports, Estonia claimed 
that the attacks originated at the Internet addresses of “state agencies in 
Russia.” Russia denied the charge, attributing the attacks to criminals and 
vandals—and as of 2008, there is no concrete evidence to suggest the 
Russian government was involved. 

Computers and computer networks are also lucrative targets for crimi- 
nals, and there is no doubt that the Internet is rife with criminal activity. 
On September 5, 2007, StrategyPage.com called China “Computer Crime 
Central.’ The StrategyPage report focused on “poisoned” websites that try 
to steal financial data (like bank account login information). StrategyPage 
argued that some Internet criminal activity appeared to link to “attacks on 
Western military and government networks.” 

Those attacks certainly occur. On September 3, 2007, the Financial 
Times reported that China's military had hacked a Pentagon computer net- 
work in June 2007. That followed reports that German Chancellor Angela 
Merkel had complained about Chinese hacking of German computer sys- 
tems to China’s premier. 

A criminal act or an act of war? Until 9/11, the U.S. government 
treated terror as a criminal-type activity to be confronted with a robust 
law-enforcement effort. That approach, however, proved inadequate. 


